author | Fabricio Voznika <fvoznika@google.com> | 2021-06-03 20:05:33 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2021-06-03 20:07:55 -0700 |
commit | 86cf56eb71215e24fec49272d915f80c9c569c05 (patch) | |
tree | af274931af707e90855a1659496a76b8353a1ea7 /runsc/boot | |
parent | b3c608ef8593bad15f9560899febe3ab1e654a73 (diff) |
Add additional mmap seccomp rule
HostFileMapper.RegenerateMappings calls mmap with
MAP_SHARED|MAP_FIXED and these were not allowed.
Closes #6116
PiperOrigin-RevId: 377428463
Diffstat (limited to 'runsc/boot')
-rw-r--r-- | runsc/boot/filter/config.go | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go
index 49b503f99..905747954 100644
--- a/runsc/boot/filter/config.go
+++ b/runsc/boot/filter/config.go
@@ -200,6 +200,12 @@ var allowedSyscalls = seccomp.SyscallRules{
 seccomp.MatchAny{},
 seccomp.MatchAny{},
 seccomp.MatchAny{},
+ seccomp.EqualTo(unix.MAP_SHARED | unix.MAP_FIXED),
+ },
+ {
+ seccomp.MatchAny{},
+ seccomp.MatchAny{},
+ seccomp.MatchAny{},
 seccomp.EqualTo(unix.MAP_PRIVATE),
 },
 {
|
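Review bot: The added rule pins only the flags matcher to `unix.MAP_SHARED | unix.MAP_FIXED` and leaves the three preceding matchers (address, length and protection, assuming this is the mmap entry named in the commit title) as `seccomp.MatchAny{}`. The filter therefore admits a fixed-address shared mapping with any protection, including an executable one, and MAP_FIXED replaces whatever is already mapped at the target range. If HostFileMapper.RegenerateMappings always passes one protection value (its call site is not visible here, so confirm against it), replace the third `seccomp.MatchAny{}` with `seccomp.EqualTo(...)` on that value so the allowance covers only what the caller needs. Independently, the rule should carry a comment such as `// MAP_SHARED|MAP_FIXED is used by HostFileMapper.RegenerateMappings.` so a later audit of the filter can tell why it exists and when it can be removed. The `allowedSyscalls` literal begins and ends outside this hunk, so neighbouring rules for the same syscall were not reviewed.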